myaidev-method 0.2.7 → 0.2.9

package/src/server/auth/middleware/authMiddleware.ts

@@ -0,0 +1,118 @@
+import { MiddlewareHandler } from "hono";
+import { getCookie } from "hono/cookie";
+import { Effect, ManagedRuntime } from "effect";
+import { AuthService } from "../services/AuthService.js";
+import { PasswordService } from "../services/PasswordService.js";
+import { TokenService } from "../services/TokenService.js";
+import { UserRepository } from "../services/UserRepository.js";
+import { SessionRepository } from "../services/SessionRepository.js";
+import { AuditLogService } from "../services/AuditLogService.js";
+import { DatabaseService } from "../../database/db.js";
+import { Session, User } from "../../../shared/types.js";
+
+// Extend Hono Context with user and session
+declare module "hono" {
+  interface ContextVariableMap {
+    user: User;
+    session: Session;
+  }
+}
+
+// Type for the application runtime context
+export type AppRuntimeContext =
+  | PasswordService
+  | TokenService
+  | UserRepository
+  | SessionRepository
+  | AuditLogService
+  | AuthService
+  | DatabaseService;
+
+/**
+ * Factory function to create auth middleware with proper Effect-TS ManagedRuntime injection
+ * @param runtime - The Effect-TS ManagedRuntime with all required services
+ * @returns Configured Hono middleware handler
+ */
+export const createAuthMiddleware = (
+  runtime: ManagedRuntime.ManagedRuntime<AppRuntimeContext, never>
+): MiddlewareHandler => {
+  return async (c, next) => {
+    // Extract token from Authorization header or cookie
+    let token: string | undefined;
+
+    const authHeader = c.req.header("Authorization");
+    if (authHeader?.startsWith("Bearer ")) {
+      token = authHeader.substring(7);
+    } else {
+      token = getCookie(c, "auth_token");
+    }
+
+    if (!token) {
+      return c.json(
+        {
+          error: "UNAUTHORIZED",
+          message: "No authentication token provided",
+        },
+        401
+      );
+    }
+
+    // Verify token using AuthService with runtime
+    const verifyEffect = Effect.gen(function* () {
+      const authService = yield* AuthService;
+      return yield* authService.verifyToken(token);
+    });
+
+    const result = await runtime.runPromiseExit(verifyEffect);
+
+    if (result._tag === "Failure") {
+      const cause = result.cause;
+
+      if (cause._tag === "Fail") {
+        const failureError = cause.error;
+
+        if (failureError && typeof failureError === "object" && "_tag" in failureError) {
+          const typedError = failureError as {
+            _tag: string;
+            message: string;
+          };
+
+          switch (typedError._tag) {
+            case "AuthError":
+              return c.json(
+                {
+                  error: "AUTH_ERROR",
+                  message: typedError.message,
+                },
+                401
+              );
+            case "DatabaseError":
+              return c.json(
+                {
+                  error: "INTERNAL_ERROR",
+                  message: "Database error occurred",
+                },
+                500
+              );
+          }
+        }
+      }
+
+      // Handle unknown errors
+      return c.json(
+        {
+          error: "INTERNAL_ERROR",
+          message: "An unexpected error occurred",
+        },
+        500
+      );
+    }
+
+    // Success - inject user and session into context
+    const verifyResult = result.value;
+    c.set("user", verifyResult.user);
+    c.set("session", verifyResult.session);
+
+    return await next();
+  };
+};

package/src/server/auth/routes/authRoutes.ts

@@ -0,0 +1,319 @@
+import { Hono } from "hono";
+import { setCookie } from "hono/cookie";
+import { Effect, ManagedRuntime } from "effect";
+import { AuthService } from "../services/AuthService.js";
+import { AppRuntimeContext } from "../middleware/authMiddleware.js";
+import {
+  AuthResponse,
+  LoginRequest,
+  RegisterRequest,
+} from "../../../shared/types.js";
+
+// Cookie configuration
+const COOKIE_OPTIONS = {
+  httpOnly: true,
+  secure: process.env["NODE_ENV"] === "production",
+  sameSite: "strict" as const,
+  maxAge: 7 * 24 * 60 * 60, // 7 days in seconds
+  path: "/",
+};
+
+/**
+ * Factory function to create auth routes with proper Effect-TS ManagedRuntime injection
+ * @param runtime - The Effect-TS ManagedRuntime with all required services
+ * @param authMiddleware - The configured auth middleware instance
+ * @returns Configured Hono router instance
+ */
+export const createAuthRoutes = (
+  runtime: ManagedRuntime.ManagedRuntime<AppRuntimeContext, never>,
+  authMiddleware: ReturnType<typeof import("../middleware/authMiddleware.js").createAuthMiddleware>
+) => {
+  const authRouter = new Hono();
+
+  /**
+   * POST /api/auth/register
+   * Register a new user
+   */
+  authRouter.post("/register", async (c) => {
+    const body = await c.req.json<RegisterRequest>();
+    const { username, email, password } = body;
+
+    if (!username || !email || !password) {
+      return c.json(
+        {
+          error: "VALIDATION_ERROR",
+          message: "Username, email, and password are required",
+        },
+        400
+      );
+    }
+
+    // Extract IP address and user agent
+    const ipAddress = c.req.header("x-forwarded-for") || c.req.header("x-real-ip") || null;
+    const userAgent = c.req.header("user-agent") || null;
+
+    // Register user
+    const registerEffect = Effect.gen(function* () {
+      const authService = yield* AuthService;
+      return yield* authService.register(
+        username,
+        email,
+        password,
+        ipAddress,
+        userAgent
+      );
+    });
+
+    const result = await runtime.runPromiseExit(registerEffect);
+
+    if (result._tag === "Failure") {
+      const cause = result.cause;
+
+      if (cause._tag === "Fail") {
+        const failureError = cause.error;
+
+        if (failureError && typeof failureError === "object" && "_tag" in failureError) {
+          const typedError = failureError as {
+            _tag: string;
+            message: string;
+            field?: string;
+          };
+
+          switch (typedError._tag) {
+            case "ValidationError":
+              return c.json(
+                {
+                  error: "VALIDATION_ERROR",
+                  field: typedError.field,
+                  message: typedError.message,
+                },
+                400
+              );
+            case "AuthError":
+              return c.json(
+                {
+                  error: "AUTH_ERROR",
+                  message: typedError.message,
+                },
+                400
+              );
+            case "DatabaseError":
+              return c.json(
+                {
+                  error: "INTERNAL_ERROR",
+                  message: "Database error occurred",
+                },
+                500
+              );
+          }
+        }
+      }
+
+      return c.json(
+        {
+          error: "INTERNAL_ERROR",
+          message: "An unexpected error occurred",
+        },
+        500
+      );
+    }
+
+    const user = result.value;
+
+    return c.json(
+      {
+        user: {
+          id: user.id,
+          username: user.username,
+          email: user.email,
+          emailVerified: user.emailVerified,
+        },
+      },
+      201
+    );
+  });
+
+/**
+ * POST /api/auth/login
+ * Login user and create session
+ */
+authRouter.post("/login", async (c) => {
+  const body = await c.req.json<LoginRequest>();
+  const { email, password } = body;
+
+  if (!email || !password) {
+    return c.json(
+      {
+        error: "VALIDATION_ERROR",
+        message: "Email and password are required",
+      },
+      400
+    );
+  }
+
+  // Extract IP address and user agent
+  const ipAddress = c.req.header("x-forwarded-for") || c.req.header("x-real-ip") || null;
+  const userAgent = c.req.header("user-agent") || null;
+
+  // Login user
+  const loginEffect = Effect.gen(function* () {
+    const authService = yield* AuthService;
+    return yield* authService.login(email, password, ipAddress, userAgent);
+  });
+
+  const result = await runtime.runPromiseExit(loginEffect);
+
+  if (result._tag === "Failure") {
+    const cause = result.cause;
+
+    if (cause._tag === "Fail") {
+      const failureError = cause.error;
+
+      if (failureError && typeof failureError === "object" && "_tag" in failureError) {
+        const typedError = failureError as {
+          _tag: string;
+          message: string;
+        };
+
+        switch (typedError._tag) {
+          case "AuthError":
+            return c.json(
+              {
+                error: "AUTH_ERROR",
+                message: typedError.message,
+              },
+              401
+            );
+          case "DatabaseError":
+            return c.json(
+              {
+                error: "INTERNAL_ERROR",
+                message: "Database error occurred",
+              },
+              500
+            );
+        }
+      }
+    }
+
+    return c.json(
+      {
+        error: "INTERNAL_ERROR",
+        message: "An unexpected error occurred",
+      },
+      500
+    );
+  }
+
+  const loginResult = result.value;
+
+  // Set httpOnly cookie with token
+  setCookie(c, "auth_token", loginResult.token, COOKIE_OPTIONS);
+
+  const response: AuthResponse = {
+    user: {
+      id: loginResult.user.id,
+      username: loginResult.user.username,
+      email: loginResult.user.email,
+      emailVerified: loginResult.user.emailVerified,
+    },
+    token: loginResult.token,
+  };
+
+  return c.json(response, 200);
+});
+
+/**
+ * POST /api/auth/logout
+ * Logout user and revoke session
+ * Requires authentication
+ */
+authRouter.post("/logout", authMiddleware, async (c) => {
+  const user = c.get("user");
+  const session = c.get("session");
+
+  // Logout user
+  const logoutEffect = Effect.gen(function* () {
+    const authService = yield* AuthService;
+    return yield* authService.logout(session.id, user.id);
+  });
+
+  const result = await runtime.runPromiseExit(logoutEffect);
+
+  if (result._tag === "Failure") {
+    const cause = result.cause;
+
+    if (cause._tag === "Fail") {
+      const failureError = cause.error;
+
+      if (failureError && typeof failureError === "object" && "_tag" in failureError) {
+        const typedError = failureError as {
+          _tag: string;
+          message: string;
+        };
+
+        if (typedError._tag === "DatabaseError") {
+          return c.json(
+            {
+              error: "INTERNAL_ERROR",
+              message: "Database error occurred",
+            },
+            500
+          );
+        }
+      }
+    }
+
+    return c.json(
+      {
+        error: "INTERNAL_ERROR",
+        message: "An unexpected error occurred",
+      },
+      500
+    );
+  }
+
+  // Clear cookie
+  setCookie(c, "auth_token", "", {
+    ...COOKIE_OPTIONS,
+    maxAge: 0,
+  });
+
+  return c.json({ message: "Logged out successfully" }, 200);
+});
+
+/**
+ * GET /api/auth/me
+ * Get current authenticated user
+ * Requires authentication
+ */
+authRouter.get("/me", authMiddleware, async (c) => {
+  try {
+    const user = c.get("user");
+
+    return c.json(
+      {
+        user: {
+          id: user.id,
+          username: user.username,
+          email: user.email,
+          emailVerified: user.emailVerified,
+          createdAt: user.createdAt,
+          lastLoginAt: user.lastLoginAt,
+        },
+      },
+      200
+    );
+  } catch (error) {
+    return c.json(
+      {
+        error: "INTERNAL_ERROR",
+        message: "An unexpected error occurred",
+      },
+      500
+    );
+  }
+});
+
+  return authRouter;
+};

package/src/server/auth/services/AuditLogService.ts

@@ -0,0 +1,81 @@
+import { Context, Effect, Layer } from "effect";
+import { randomUUID } from "node:crypto";
+import { DatabaseService } from "../../database/db.js";
+import { DatabaseError } from "../../../shared/types.js";
+
+export interface CreateAuditLogData {
+  userId: string | null;
+  action: AuditAction;
+  resourceType?: string | null;
+  resourceId?: string | null;
+  ipAddress?: string | null;
+  userAgent?: string | null;
+  details?: string | null;
+}
+
+export type AuditAction =
+  | "USER_REGISTERED"
+  | "USER_LOGIN"
+  | "USER_LOGOUT"
+  | "LOGIN_FAILED"
+  | "PASSWORD_CHANGED"
+  | "PASSWORD_RESET_REQUESTED"
+  | "PASSWORD_RESET_COMPLETED"
+  | "EMAIL_VERIFIED"
+  | "EMAIL_CHANGED"
+  | "PROFILE_UPDATED"
+  | "ACCOUNT_LOCKED"
+  | "ACCOUNT_UNLOCKED"
+  | "SESSION_CREATED"
+  | "SESSION_REVOKED"
+  | "TOKEN_REFRESHED"
+  | "OAUTH_LINKED"
+  | "OAUTH_UNLINKED"
+  | "TWO_FACTOR_ENABLED"
+  | "TWO_FACTOR_DISABLED";
+
+export class AuditLogService extends Context.Tag("AuditLogService")<
+  AuditLogService,
+  {
+    readonly log: (
+      data: CreateAuditLogData
+    ) => Effect.Effect<void, DatabaseError>;
+  }
+>() {
+  static Live = Layer.effect(
+    this,
+    Effect.gen(function* (_) {
+      const db = yield* _(DatabaseService);
+
+      const log = (
+        data: CreateAuditLogData
+      ): Effect.Effect<void, DatabaseError> =>
+        Effect.gen(function* (_) {
+          const id = randomUUID();
+          const now = Date.now();
+
+          yield* _(
+            db.run(
+              `INSERT INTO audit_logs (
+                id, user_id, action, resource_type, resource_id,
+                ip_address, user_agent, details, created_at
+              ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+              [
+                id,
+                data.userId,
+                data.action,
+                data.resourceType ?? null,
+                data.resourceId ?? null,
+                data.ipAddress ?? null,
+                data.userAgent ?? null,
+                data.details ?? null,
+                now,
+              ]
+            )
+          );
+        });
+
+      return { log };
+    })
+  );
+}